{
  "id": "terraform/terraform-apply-permission-denied-s3-backend",
  "signature": "Error: error accessing remote state: AccessDenied: Access Denied",
  "signature_zh": "错误：访问远程状态时出错：AccessDenied：访问被拒绝",
  "regex": "error accessing remote state: AccessDenied: Access Denied",
  "domain": "terraform",
  "category": "auth_error",
  "subcategory": null,
  "root_cause": "The IAM user/role does not have sufficient permissions to read/write the S3 bucket used for remote state storage.",
  "root_cause_type": "generic",
  "root_cause_zh": "IAM 用户/角色没有足够的权限来读/写用于远程状态存储的 S3 存储桶。",
  "versions": [
    {
      "version": "Terraform v1.0+",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "AWS S3 backend",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "Reconfiguration does not change IAM permissions; still fails.",
      "fail_rate": 0.8,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Region mismatch is not the cause; permissions are region-agnostic for S3.",
      "fail_rate": 0.3,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Attach the necessary IAM policy to the user/role: s3:ListBucket, s3:GetObject, s3:PutObject, s3:DeleteObject on the state bucket",
      "success_rate": 0.95,
      "how": "Attach the necessary IAM policy to the user/role: s3:ListBucket, s3:GetObject, s3:PutObject, s3:DeleteObject on the state bucket",
      "condition": "",
      "sources": []
    },
    {
      "action": "Check if S3 bucket policy or ACL is blocking access; update bucket policy to allow the IAM role",
      "success_rate": 0.85,
      "how": "Check if S3 bucket policy or ACL is blocking access; update bucket policy to allow the IAM role",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "将必要的 IAM 策略附加到用户/角色：对状态存储桶的 s3:ListBucket、s3:GetObject、s3:PutObject、s3:DeleteObject",
    "检查 S3 存储桶策略或 ACL 是否阻止访问；更新存储桶策略以允许 IAM 角色"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://developer.hashicorp.com/terraform/language/settings/backends/s3#s3-bucket-permissions",
  "official_doc_section": null,
  "error_code": "AccessDenied",
  "verification_tier": "ai_generated",
  "confidence": 0.86,
  "fix_success_rate": 0.85,
  "resolvable": "true",
  "first_seen": "2023-05-12",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}